General
-
Target
file.exe
-
Size
7.4MB
-
Sample
230328-rrvqzsbe63
-
MD5
bbf372fb43f0917b96f033a1f040f4a2
-
SHA1
ef7b4a7323757846d2602708a238203b21eb7da2
-
SHA256
fbd61d7ddfdaabbbe01fbbce11894b0b21de7b1b5d03bf7dd8dbce39adfa9149
-
SHA512
174d58e4c19890e80b6b41cbf80061f992584c20321d74f75c869fd4b8d6445a360ab6b5d0bc628390ae544aebeec7266f3a365295bb9c55b7200ad6d5ac9541
-
SSDEEP
196608:V2zKCzPsO4kcjc1ag8QbeOjHZ5AOdml1JxxYUO4L+WjpjY:V2TsO42ag8QbhZvdml1JxxYPmlk
Static task
static1
Behavioral task
behavioral1
Sample
file.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
file.exe
Resource
win10v2004-20230220-en
Malware Config
Extracted
redline
LogsDiller Cloud (Telegram: @logsdillabot)
51.210.161.21:36108
-
auth_value
c2955ed3813a798683a185a82e949f88
Targets
-
-
Target
file.exe
-
Size
7.4MB
-
MD5
bbf372fb43f0917b96f033a1f040f4a2
-
SHA1
ef7b4a7323757846d2602708a238203b21eb7da2
-
SHA256
fbd61d7ddfdaabbbe01fbbce11894b0b21de7b1b5d03bf7dd8dbce39adfa9149
-
SHA512
174d58e4c19890e80b6b41cbf80061f992584c20321d74f75c869fd4b8d6445a360ab6b5d0bc628390ae544aebeec7266f3a365295bb9c55b7200ad6d5ac9541
-
SSDEEP
196608:V2zKCzPsO4kcjc1ag8QbeOjHZ5AOdml1JxxYUO4L+WjpjY:V2TsO42ag8QbhZvdml1JxxYPmlk
-
RedLine
RedLine Stealer is a malware family written in C#, first appearing in early 2020.
-
Identifies VirtualBox via ACPI registry values (likely anti-VM)
-
Checks BIOS information in registry
BIOS information is often read in order to detect sandboxing environments.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Accesses cryptocurrency files/wallets, possible credential harvesting
-
Checks installed software on the system
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Suspicious use of NtSetInformationThreadHideFromDebugger
-